From 3ba4284a6d3feb9aa3ce9da950eea13e4c6e6f49 Mon Sep 17 00:00:00 2001
From: Hugo Trippaers <htrippaers@schubergphilis.com>
Date: Tue, 16 Jun 2015 14:35:31 +0200
Subject: [PATCH] CXF-6464 Add attachment support to derived key sign/encrypt

---
 parent/pom.xml                                    |  2 +-
 .../policyhandlers/SymmetricBindingHandler.java   | 15 ++++++++++++++-
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/parent/pom.xml b/parent/pom.xml
index 4c132cb0606..b4af0b53bdc 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -146,7 +146,7 @@
         <cxf.woodstox.core.version>4.4.1</cxf.woodstox.core.version>
         <cxf.woodstox.stax2-api.version>3.1.4</cxf.woodstox.stax2-api.version>
         <cxf.wsdl4j.version>1.6.3</cxf.wsdl4j.version>
-        <cxf.wss4j.version>2.1.1</cxf.wss4j.version>
+        <cxf.wss4j.version>2.1.2-SNAPSHOT</cxf.wss4j.version>
         <cxf.xerces.version>2.11.0</cxf.xerces.version>
         <cxf.xmlbeans.version>2.6.0</cxf.xmlbeans.version>
         <cxf.xmlschema.version>2.2.1</cxf.xmlschema.version>
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
index 64f6d5e03e7..8068e341c46 100644
--- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/SymmetricBindingHandler.java
@@ -403,6 +403,7 @@ private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken,
             WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
             dkEncr.setIdAllocator(wssConfig.getIdAllocator());
             dkEncr.setCallbackLookup(callbackLookup);
+            dkEncr.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
             if (recToken.getToken().getVersion() == SPConstants.SPVersion.SP11) {
                 dkEncr.setWscVersion(ConversationConstants.VERSION_05_02);
             }
@@ -486,10 +487,21 @@ private WSSecBase doEncryptionDerived(AbstractTokenWrapper recToken,
             encrDKTokenElem = dkEncr.getdktElement();
             addDerivedKeyElement(encrDKTokenElem);
             Element refList = dkEncr.encryptForExternalRef(null, encrParts);
+            List<Element> attachments = dkEncr.getAttachmentEncryptedDataElements();
             if (atEnd) {
                 this.insertBeforeBottomUp(refList);
+                if (attachments != null) {
+                    for (Element attachment : attachments) {
+                        this.insertBeforeBottomUp(attachment);
+                    }
+                }
             } else {
-                this.addDerivedKeyElement(refList);                        
+                this.addDerivedKeyElement(refList);
+                if (attachments != null) {
+                    for (Element attachment : attachments) {
+                        this.addDerivedKeyElement(attachment);
+                    }
+                }
             }
             return dkEncr;
         } catch (Exception e) {
@@ -631,6 +643,7 @@ private byte[] doSignatureDK(List<WSEncryptionPart> sigs,
         WSSecDKSign dkSign = new WSSecDKSign();
         dkSign.setIdAllocator(wssConfig.getIdAllocator());
         dkSign.setCallbackLookup(callbackLookup);
+        dkSign.setAttachmentCallbackHandler(new AttachmentCallbackHandler(message));
         if (policyAbstractTokenWrapper.getToken().getVersion() == SPConstants.SPVersion.SP11) {
             dkSign.setWscVersion(ConversationConstants.VERSION_05_02);
         }